LinuxQuestions.org

forwarding ports fc5 for server (https://www.linuxquestions.org/questions/linux-networking-3/forwarding-ports-fc5-for-server-478859/)

pula0r 08-30-2006 02:01 PM

forwarding ports fc5 for server
 
I have a 500MHz P3 Intel Dell computer that is a few years old, but I set it up as my router for my cable modem connection.

While everything seems to function correctly, I am unsure how to forward ports for various things (ssh, bittorrent, ftp).

I've read a bit on Google and I believe you use iptables to open ports (this is what I did for routing the internet).

I am a bit of a newbie, but know some Linux.

Please help!
thanks,
pula

htb 08-30-2006 02:21 PM

If you wanna forward ports, look up the iptables -j SNAT / -j DNAT targets.

dombrowsky 08-30-2006 02:22 PM

Sounds like we have similar configurations. My cable modem plugs into one network interface on my debian box, and my wireless router plugs into the second interface. I believe I could have plugged the modem directly into the router and had it do all the network address translation, but I run a few servers on the debian box, and I wanted it to have a direct connection. In order to run the box as a full gateway (I think that's what it's called), I need to configure iptables and run bind for address resolution.

Here's the shell script that I run to start iptables to forward all ip requests from eth1 (internal LAN) to eth0 (internet).

Code:

#!/bin/sh
# Set up IP FORWARDing and Masquerading
# Rewrite the source address of everything leaving eth0 (internet) to eth0's own address
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# Let packets arriving from eth1 (internal LAN) be forwarded out
iptables --append FORWARD --in-interface eth1 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward            # Enables packet forwarding by kernel

# list the current status (for debugging)
iptables --list -t nat

For BIND9, the default configuration should suffice for normal home use. I have no idea how to configure it to do anything else :). Just install the package, start the server, and you should be ready to go. This is needed (in my network setup) to allow all your LAN machines to resolve internet addresses.

Code:

apt-get install bind9
/etc/init.d/bind9 start

NOW....

In order to directly connect to one of your machines on the internal network from the internet, you'll have to forward a port on the gateway machine. The easiest way to do this is with SSH. "man ssh" for the details. Here's what I used the other day to connect to my OS X laptop from the internet through my LAN:

Code:

# from the gateway machine:
ssh -Nn -vv -g -L 8000:osx.6thstreetradio.org:22 davek@localhost

This will open port 8000 on the gateway machine and will forward it to port 22 (ssh port) on the laptop. Flags: '-Nn' directs all inputs and outputs to/from /dev/null, '-vv' is very verbose output, '-g' allows external clients to connect, '-L 8000:osx.6thstreetradio.org:22' tells ssh to forward LOCAL port 8000 to remote port 22 (see the -R flag to tunnel the other way).

This is perhaps the most useful networking cruft that I know about linux.

-dave

htb 08-30-2006 02:35 PM

Maybe this will help the both of you.

Code:

iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 \
-j DNAT --to-destination 192.168.1.1-192.168.1.10

The --to-destination option tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. The above example would send on all packets destined for IP address 15.45.23.67 to a range of LAN IPs, namely 192.168.1.1 through 10. Note, as described previously, that a single stream will always use the same host, and that each stream will randomly be given an IP address that it will always be destined for, within that stream. We could also have specified only one IP address, in which case we would always be connected to the same host. Also note that we may add a port or port range to which the traffic would be redirected. This is done by adding, for example, an :80 statement to the IP addresses to which we want to DNAT the packets. A rule could then look like --to-destination 192.168.1.1:80 for example, or like --to-destination 192.168.1.1:80-100 if we wanted to specify a port range. As you can see, the syntax is pretty much the same for the DNAT target as for the SNAT target, even though they do two totally different things. Do note that port specifications are only valid for rules that specify the TCP or UDP protocols with the --protocol option.

pula0r 08-30-2006 11:56 PM

Do I have to redo my entire iptables configuration each time I want to forward ports?

amitsharma_26 09-12-2006 01:21 PM

Quote:

Originally Posted by pula0r
Do I have to redo my entire iptables configuration each time I want to forward ports?

No, if forwarding ports isn't the only functional use of your iptables script, you can create another separate script for forwarding ports with the respective SNAT/DNAT rules in it.

Yes, if you are only using iptables to forward ports.

Though you can place this script or any script in any of your box's startup scripts to let them activate at boot, & you can also use the iptables-save & restore functions. Try googling them for further details; the man page is a nice place to start with as well.
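As an added example (not code posted in this thread, and not the iptables project's own), here is a separate port-forwarding script of the kind amitsharma_26 describes, built around the DNAT rule htb quoted. It assumes eth0 faces the cable modem and eth1 the LAN; the hosts 192.168.1.10/.20 and the ports are constructed for the example; and /etc/sysconfig/iptables is the file FC5's iptables init script loads at boot. It adds the FORWARD rule that the DNAT example by itself leaves out, checks the port and protocol before touching any chain, and with IPTABLES=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not code from this thread. A stand-alone port-forwarding
# script meant to sit beside a basic MASQUERADE gateway script like
# dombrowsky's. Assumed (constructed) layout: eth0 faces the modem, eth1 faces
# the LAN, forwarded hosts live in 192.168.1.0/24.
# Setting IPTABLES=echo prints the rules instead of loading them.

IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"   # read by FC5's init script at boot

# valid_port N: true only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_port PROTO WAN_PORT LAN_HOST LAN_PORT
# Two rules are needed per forwarded port; the DNAT example in the thread
# shows only the first:
#   1. nat/PREROUTING DNAT rewrites the destination of packets arriving on the
#      WAN interface for WAN_PORT so they go to LAN_HOST:LAN_PORT.
#   2. filter/FORWARD ACCEPT lets the rewritten packet cross into the LAN; with
#      a DROP policy on FORWARD the DNAT alone silently does nothing.
# Matching on -i "$WAN_IF" keeps LAN clients from being redirected by accident.
forward_port() {
    proto=$1 wport=$2 host=$3 lport=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "forward_port: proto must be tcp or udp" >&2; return 1 ;;
    esac
    valid_port "$wport" && valid_port "$lport" || { echo "forward_port: bad port" >&2; return 1; }
    "$IPTABLES" -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$wport" \
        -j DNAT --to-destination "$host:$lport" || return 1
    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$proto" -d "$host" --dport "$lport" \
        -j ACCEPT
}

# allow_return_traffic: one rule so replies to forwarded (and LAN-originated)
# connections get back through FORWARD without a per-port rule in each direction
allow_return_traffic() {
    "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# persist_rules: dump the running rule set where the init script loads it from,
# so the script does not have to be rerun by hand (amitsharma_26's point)
persist_rules() {
    "$IPTABLES_SAVE" > "$RULES_FILE"
}

# apply_forwards: the services pula0r asked about. FTP is deliberately absent:
# it needs the kernel's ftp connection-tracking/NAT helpers on top of a plain
# DNAT, so it is not a one-rule forward.
apply_forwards() {
    allow_return_traffic || return 1
    # ssh to the laptop, on a non-default WAN port purely as an illustration
    forward_port tcp 2222 192.168.1.10 22 || return 1
    # bittorrent: tcp for peers, udp for DHT
    forward_port tcp 6881 192.168.1.20 6881 || return 1
    forward_port udp 6881 192.168.1.20 6881
}

case "${1:-}" in
    apply) apply_forwards && persist_rules ;;   # needs root
    show)  IPTABLES=echo apply_forwards ;;      # dry run: print the rules only
    "")    echo "usage: $0 apply|show" ;;
esac
```

Run `sh portfwd.sh show` first to see the exact rules it would load, then `sh portfwd.sh apply` as root to load and save them. The DNAT lands in nat/PREROUTING, so the MASQUERADE in nat/POSTROUTING from the gateway script keeps handling LAN-originated traffic unchanged. For FTP, the ftp helper modules (ip_conntrack_ftp/ip_nat_ftp on kernels of the FC5 era) have to be loaded before a forwarded control connection will carry its data connections through the NAT.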

